CVE-2024-57887: 
Linux Kernel vulnerability analysis and mitigation

CVE-2024-57887 is a use-after-free vulnerability discovered in the Linux kernel's DRM (Direct Rendering Manager) subsystem, specifically in the adv7533attachdsi() function of the ADV7511 display bridge driver. The vulnerability was disclosed on January 15, 2025, affecting Linux kernel versions from 4.8 through 6.13-rc5 (NVD).

The vulnerability occurs when the hostnode pointer is assigned and freed in adv7533parsedt(), but later accessed in adv7533attach_dsi(). This creates a use-after-free condition in the driver. The issue has been assigned a CVSS v3.1 base score of 7.8 (High) with vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, indicating local access requirements with potential for high impact on confidentiality, integrity, and availability (NVD).

The vulnerability could potentially lead to privilege escalation, system crashes, or arbitrary code execution in the context of the kernel. The high CVSS score indicates serious potential consequences if exploited, particularly concerning system integrity and security (NVD).

The issue has been fixed by dropping ofnodeput() in adv7533parsedt() and calling ofnodeput() in the error path of probe() and in the remove() function. The fix has been implemented in multiple kernel versions through various patches (Kernel Patch).